Beispiel #1
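        /// <summary>
        /// Checks that a certificate is acceptable as a federation certificate and throws
        /// on the first requirement it fails.
        /// </summary>
        /// <param name="certificate">The certificate to check.</param>
        /// <param name="skipAutomatedDeploymentChecks">
        /// When true, the exportable-private-key requirement is not enforced.
        /// </param>
        /// <exception cref="FederationCertificateInvalidException">
        /// The certificate fails the Exchange validity check, has no subject key identifier,
        /// has a non-exportable private key (unless skipped), is not an RSA certificate,
        /// uses a CNG provider, or is outside its validity period.
        /// </exception>
        internal static void ValidateCertificate(ExchangeCertificate certificate, bool skipAutomatedDeploymentChecks)
        {
            // NOTE(review): the meaning of the literal 'true' argument is not visible here; confirm against ValidateExchangeCertificate.
            ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true);

            if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid)
            {
                throw new FederationCertificateInvalidException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, exchangeCertificateValidity.ToString()));
            }
            if (string.IsNullOrEmpty(certificate.SubjectKeyIdentifier))
            {
                throw new FederationCertificateInvalidException(Strings.ErrorCertificateNoSKI(certificate.Thumbprint));
            }
            if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable)
            {
                throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint));
            }
            // The key algorithm OID must match the RSA OID (case-insensitive ordinal comparison).
            if (!string.Equals(certificate.GetKeyAlgorithm(), WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase))
            {
                throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotRSA(certificate.Thumbprint));
            }
            if (TlsCertificateInfo.IsCNGProvider(certificate))
            {
                throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotCAPI(certificate.Thumbprint));
            }
            // Reject a certificate that is expired OR not yet valid. The previous '&&' required
            // both at once (NotAfter in the past and NotBefore in the future), which cannot hold
            // for a well-formed validity period, so the date check never fired.
            // The "has expired" message is reused for the not-yet-valid case because no other
            // message is visible in this block.
            if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow || (ExDateTime)certificate.NotBefore > ExDateTime.UtcNow)
            {
                throw new FederationCertificateInvalidException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint));
            }
        }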
Beispiel #2
        /// <summary>
        /// Runs the Exchange certificate validity check and throws unless the result is
        /// <c>ExchangeCertificateValidity.Valid</c>.
        /// </summary>
        /// <param name="cert">The certificate to check.</param>
        /// <param name="ignoreAccessible">Forwarded unchanged to <c>ManageExchangeCertificate.ValidateExchangeCertificate</c>.</param>
        /// <exception cref="CertificateNotValidForExchangeException">
        /// The validity check returned anything other than Valid; carries the thumbprint and the result name.
        /// </exception>
        internal static void EnsureValidExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible)
        {
            ExchangeCertificateValidity validity = ManageExchangeCertificate.ValidateExchangeCertificate(cert, ignoreAccessible);
            if (validity == ExchangeCertificateValidity.Valid)
            {
                return;
            }

            // Any non-Valid result is treated as a hard failure.
            throw new CertificateNotValidForExchangeException(cert.Thumbprint, validity.ToString());
        }
Beispiel #3
 /// <summary>
 /// Validates a certificate and reports each failed requirement through
 /// <paramref name="writeError"/> instead of throwing.
 /// </summary>
 /// <param name="certificate">The certificate to check; a null value returns without reporting anything.</param>
 /// <param name="futurePublishDate">
 /// Optional date; when set, the certificate must expire strictly after it (compared in UTC).
 /// </param>
 /// <param name="skipAutomatedDeploymentChecks">When true, the exportable-private-key requirement is not enforced.</param>
 /// <param name="writeError">Callback that receives each validation error.</param>
 /// <exception cref="ArgumentNullException"><paramref name="writeError"/> is null.</exception>
 /// <remarks>
 /// NOTE(review): whether <paramref name="writeError"/> terminates the task is not visible here.
 /// If it returns, the remaining checks still run and more than one error can be reported.
 /// </remarks>
 public static void ValidateCertificate(ExchangeCertificate certificate, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError)
 {
     if (writeError == null)
     {
         throw new ArgumentNullException("writeError");
     }
     // Nothing to validate: a missing certificate is not reported as an error here.
     if (certificate == null)
     {
         return;
     }
     try
     {
         ExchangeCertificateValidity validity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true);
         if (validity != ExchangeCertificateValidity.Valid)
         {
             writeError(new TaskException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, validity.ToString())), ErrorCategory.InvalidArgument, null);
         }

         bool mustBeExportable = !skipAutomatedDeploymentChecks;
         if (mustBeExportable && !certificate.PrivateKeyExportable)
         {
             writeError(new TaskException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }

         // Validity period: expiry and start date are reported separately.
         if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow)
         {
             writeError(new TaskException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }
         if ((ExDateTime)certificate.NotBefore > ExDateTime.UtcNow)
         {
             writeError(new TaskException(Strings.ErrorCertificateNotYetValid(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }

         // The certificate must still be valid after the planned publish date, when one is given.
         if (futurePublishDate.HasValue && (ExDateTime)certificate.NotAfter <= (ExDateTime)futurePublishDate.Value.ToUniversalTime())
         {
             writeError(new TaskException(Strings.ErrorAuthNewCertificateExpire(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }
     }
     catch (CryptographicException cryptoFailure)
     {
         // A crypto failure while inspecting the certificate is reported as a validation error.
         writeError(new TaskException(Strings.ErrorFailedToValidateCertificate(certificate.Thumbprint), cryptoFailure), ErrorCategory.InvalidArgument, null);
     }
 }